Table of Contents
Advertisement
Chapter 10
Configuring the Sensor Using the CLI
Sensor Configuration Tasks
Configuring Signatures
Configuring Alarm Channel System Variables
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
This section describes the main configuration tasks for the sensor.
This section contains the following topics:
Configuring Signatures, page 10-35
•
•
IP Logging, page 10-50
Configuring Blocking, page 10-57
•
This section describes how to configure signatures on the sensor.
This section contains the following topics:
Configuring Alarm Channel System Variables, page 10-35
•
•
Configuring Alarm Channel Event Filters, page 10-37
Viewing Signature Engine Parameters, page 10-39
•
•
Configuring Virtual Sensor System Variables, page 10-42
Tuning Signature Engines, page 10-45
•
The tune-alarm-channel command enables you to configure system variables for
the alarm aggregation process. The items and menus in this configuration depend
on the contents of the configuration file and are built dynamically based on the
configuration retrieved when the command is executed. The modifications made
in this mode and any submodes contained within it are applied when you exit
tune-alarm-channel mode.
You can change the value of an alarm channel system variable, but you cannot add
variables or delete variables. You also cannot change the name, type, or
constraints of a variable. If you use a variable in a filter, you must use a dollar sign
(for example, $SIG1) in front of the variable to indicate that the string you have
entered represents a variable.
Sensor Configuration Tasks
10-35
Advertisement
Table of Contents
Troubleshooting
